2024 AIChE Annual Meeting
(117f) Adversarial Data in Demand Side Management
Author
and production in time. Thus, DSM is a substantial component of the industry’s transition to renew-
able electricity sources that fluctuate over short intervals (Mitsos et al., 2018). Generally, delivery and
consumption commitments are due before the market is settled and the prices are set. Thus, accurate
electricity price forecasting (EPF) is vital to make profitable DSM decisions. Critically, DSM planning
must ensure feasible and safe operation, which is challenging with dynamic process operation and process
inertia. Machine learning tools are promising options for optimal DSM with reasonable computation
times for scheduling optimization (Tsay and Baldea, 2020; Schweidtmann et al., 2021). Furthermore,
machine learning has proven to be a capable tool for EPF (Jedrzejewski et al., 2022), which is paramount
to obtaining the necessary data to decide on DSM schedules in advance. However, ANNs are known to
be susceptible to adversarial attacks, i.e., targeted modifications of input data that induce significant
changes to the model outputs (Xu et al., 2020). Security measures become difficult for extrapolation
using forecasting models, e.g., for the prediction of electricity prices (Nowotarski and Weron, 2018). In
this work, we study how adversarial attacks on the combined decision-making process of EPF and subse-
quent DSM affect the operation of chemical plants. We propose a black-box attack scheme that intercepts
and modifies the data flow of load forecasts and, thus, forces the DSM to result in financial losses for
the production company. We implement an adversarial attack based on the fast gradient sign method
(FGSM) (Goodfellow et al., 2015). We consider a grid-scale battery storage case study and a chlorine
production plant (Brée et al., 2019). Both case studies use EPFs from multivariate regression models
with exogenous input features comprised of renewable electricity production and demand forecasts. No-
tably, the black-box scheme allows adversaries to compute the necessary sensitivities to design the data
modifications without knowledge of the EPF model or the DSM optimization model. The quantitative
analysis reveals how barely noticeable modifications of the residual load forecasts can lead to significant
deterioration of the decisions by the optimizer. The results implicate a significant threat, as attackers
can design and implement powerful attacks without infiltrating secure company networks.
Refenrences:
- Brée, L. C., Perrey, K., Bulan, A., and Mitsos, A. (2019). Demand side management and operational
mode switching in chlorine production. AIChE Journal, 65(7):e16352.
- Goodfellow, I., Shlens, J., and Szegedy, C. (2015). Explaining and harnessing adversarial examples. In
International Conference on Learning Representations, pages 1–11.
- Jedrzejewski, A., Lago, J., Marcjasz, G., and Weron, R. (2022). Electricity price forecasting: The dawn
of machine learning. IEEE Power and Energy Magazine, 20(3):24–31.
- Mitsos, A., Asprion, N., Floudas, C. A., Bortz, M., Baldea, M., Bonvin, D., Caspari, A., and Schäfer,
P. (2018). Challenges in process optimization for new feedstocks and energy sources. Computers &
Chemical Engineering, 113:209–221.
- Nowotarski, J. and Weron, R. (2018). Recent advances in electricity price forecasting: A review of
probabilistic forecasting. Renewable and Sustainable Energy Reviews, 81:1548–1568.
- Schweidtmann, A. M., Esche, E., Fischer, A., Kloft, M., Repke, J.-U., Sager, S., and Mitsos, A. (2021).
Machine learning in chemical engineering: A perspective. Chemie Ingenieur Technik, 93(12):2029–2039.
- Tsay, C. and Baldea, M. (2020). Integrating production scheduling and process control using latent
variable dynamic models. Control Engineering Practice, 94:104201.
- Xu, H., Ma, Y., Liu, H.-C., Deb, D., Liu, H., Tang, J.-L., and Jain, A. K. (2020). Adversarial attacks and
defenses in images, graphs and text: A review. International Journal of Automation and Computing,
17:151–178.